Create a delivery chain

Container Registry provides the cloud native application delivery chain feature. A delivery chain streamlines tasks such as image building, image scanning, global image replication, and image distribution. The entire delivery chain is observable, traceable, and secured. With a delivery chain, submitting a source code change is all that is needed to build, scan, replicate, and distribute images around the world. This topic describes how to create a delivery chain.

Prerequisites

Step 1: Create a delivery chain and configure basic information

  1. Log on to the Container Registry console.

  2. In the top navigation bar, select a region.

  3. In the left navigation pane, click Instances.

  4. On the Instances page, click the Enterprise Edition instance that you want to manage.

  5. In the left navigation pane of the instance management page, choose Cloud-native Delivery Chain > Chain.

  6. In the upper-left corner of the Chain page, click Create Delivery Chain.

  7. On the Create Delivery Chain page, configure the following parameters in the Basic Information section.

    • Name: the name of the delivery chain.

    • Description: optional. The description of the delivery chain.

    • Scope: Select a namespace and an image repository in the namespace.

    • All Effective: If you turn on this switch, all repositories in the current namespace are added to the delivery chain. If you turn off this switch, you can specify the repositories that you do not want to add to the delivery chain.

Step 2: Configure image building rules

If you select an on-premises image repository, you cannot use the image building feature of the delivery chain.

  1. In the delivery chain navigation area, click Image Building, and then click Add Build Rule.

  2. In the Build Information wizard, configure the parameters and click Next.

    • Type: Specify the type of the source code repository. Valid values: Branch and Tag.

    • Branch/Tag: Select or enter a branch or a tag. Regular expressions are supported. If you use release-(?<imageTag>\w*) as the regular expression, the system builds a V1 image when the source code under the release-v1 branch is updated. The V1 image is built within a few minutes. For more information about how to use regular expressions, see Use regular expressions in named capturing groups.

      Note

      After you specify regular expressions, images can be built only by the system. You cannot manually build images.

    • Build Context Directory: Specify the directory in which the Dockerfile resides. You must specify a relative directory. The parent directory is the root directory of the code branch.

    • Dockerfile Filename: Specify the name of the Dockerfile. The default name is Dockerfile.

  3. In the Image Version wizard, configure the parameters, click Save, and then click Next.

    Note

    Click Add Configuration to add more image tags. You can add up to three tags.

    • Image Version: The tag of the image. Example: latest. You can enable named capturing groups. For example, if you specify a named capturing group for Branch/Tag, you can use the captured content.

    • Build Time: The time (UTC+8) when source code is pushed. Example: 20201015 or 202010151613.

      Note

      This parameter is optional. If you set this parameter, only the system can build images. You cannot manually build images.

    • Commit ID: The number of characters to be obtained from the commit ID of the most recently pushed code. By default, the first six characters are used. You can adjust the slider to change the number of characters.

      Note

      This parameter is optional. If you set this parameter, only the system can build images. You cannot manually build images.

  4. In the Build Configurations wizard, configure the build parameters and click Confirm.

    • Build Architecture: The architecture for which you want to build images. You can select multiple architectures. If you select multiple architectures, multiple container images for the architectures are built for each image tag.

    • Build Parameters: The runtime parameters of the image building. Each building parameter is a key-value pair that is case-sensitive. You can configure a maximum of 20 building parameters.
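Before saving a Branch/Tag rule, it helps to preview which ref names it accepts and what the Image Version inputs would be. The following is an added example, not Container Registry code: it runs the pattern quoted above against constructed branch names and derives the Build Time (UTC+8) and Commit ID prefix as described. Whether the service requires the pattern to match the whole name is an assumption, so the sketch reports both readings; the function names and sample values are hypothetical.

```javascript
// Added example, not Container Registry code.
const PAGE_PATTERN = "release-(?<imageTag>\\w*)"; // pattern quoted in the text

// Return the imageTag capture for a branch/tag name, or null when no match.
// fullMatch is an assumption switch: the page does not say whether the rule
// must match the whole name or may match anywhere inside it.
function captureTag(ref, fullMatch) {
  const re = new RegExp(fullMatch ? `^(?:${PAGE_PATTERN})$` : PAGE_PATTERN);
  const m = re.exec(ref);
  return m ? m.groups.imageTag : null;
}

// Build Time in UTC+8 as YYYYMMDD or YYYYMMDDHHmm, the two forms shown above.
function buildTime(pushedAt, withMinutes) {
  const shifted = new Date(pushedAt.getTime() + 8 * 60 * 60 * 1000);
  const digits = shifted.toISOString().replace(/[-:T]/g, "");
  return digits.slice(0, withMinutes ? 12 : 8);
}

// Collect the three Image Version inputs for one push, plus warnings.
function previewBuild(ref, commitId, pushedAt, commitChars = 6) {
  const strict = captureTag(ref, true);
  const loose = captureTag(ref, false);
  const warnings = [];
  if (strict === null && loose !== null) {
    warnings.push(`matches only when unanchored (captures "${loose}")`);
  }
  if (strict === "") warnings.push("empty imageTag: \\w* matched nothing");
  return {
    ref,
    imageTag: strict,
    buildTime: buildTime(pushedAt, true),
    commitPrefix: commitId.slice(0, commitChars),
    warnings,
  };
}

// Constructed sample pushes (branch names and commit ID are made up).
const pushedAt = new Date(Date.UTC(2020, 9, 15, 8, 13)); // 16:13 in UTC+8
const SAMPLE_COMMIT = "3f9c2a7b1e5d4c60a8b9";
for (const ref of ["release-v1", "release-", "release-v1.2", "feature/release-v9"]) {
  console.log(JSON.stringify(previewBuild(ref, SAMPLE_COMMIT, pushedAt)));
}
```

A ref that produces a warning is worth testing against the real service with a throwaway branch before the rule is relied on.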

Step 3: Configure the blocking rule for image security scanning

Image security scanning ensures image security when images are replicated and distributed.

  1. In the delivery chain navigation area, click Security Scan.

  2. In the Node configuration section, configure the blocking rule.

    • Security Engine: You can select the Security Center Scan Engine or the Trivy Scan Engine.

      The Security Center Scan Engine allows you to fix detected vulnerabilities with one click. The Trivy Scan Engine does not support this feature.

      Note

      If you want to use the image scanning feature of Security Center, you must purchase the Ultimate Edition of Security Center. For more information, see Purchase Security Center. If Security Center is not activated in the current region, the option of Security Center is not displayed in the Container Registry console.

    • Block strategy:

      • Blocking: If the blocking rule is met, the system stops the subsequent steps for all images.

        You must define the blocking rule based on Severity and Vulnerability count. You must also configure actions to take after the delivery chain is blocked, such as whether to delete the original image or back up the image.

      • Non-blocking: The system proceeds with subsequent steps for all images.
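A blocking rule expressed as Severity plus Vulnerability count can be rehearsed locally against a scanner report before it is set in the console. The following is an added example, not Container Registry code: it tallies a constructed Trivy-style JSON report (Results[].Vulnerabilities[].Severity) and applies one assumed reading of the rule, namely block when the number of findings at or above the chosen severity reaches the count. The rule shape, function names, and placeholder vulnerability IDs are hypothetical.

```javascript
// Added example, not Container Registry code.
// Trivy severity levels, lowest to highest.
const ORDER = ["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"];

// Constructed report in Trivy's JSON layout; IDs are placeholders.
const SAMPLE_REPORT = {
  Results: [
    { Target: "app (os packages)", Vulnerabilities: [
      { VulnerabilityID: "CVE-PLACEHOLDER-1", Severity: "HIGH" },
      { VulnerabilityID: "CVE-PLACEHOLDER-2", Severity: "MEDIUM" },
      { VulnerabilityID: "CVE-PLACEHOLDER-3", Severity: "LOW" },
    ] },
    { Target: "package-lock.json", Vulnerabilities: [
      { VulnerabilityID: "CVE-PLACEHOLDER-4", Severity: "CRITICAL" },
      { VulnerabilityID: "CVE-PLACEHOLDER-5", Severity: "LOW" },
    ] },
    { Target: "go.sum" }, // a clean target may carry no Vulnerabilities key
  ],
};

// Tally findings per severity; unrecognised labels are counted as UNKNOWN.
function countBySeverity(report) {
  const counts = Object.fromEntries(ORDER.map((s) => [s, 0]));
  for (const result of report.Results ?? []) {
    for (const v of result.Vulnerabilities ?? []) {
      const sev = ORDER.includes(v.Severity) ? v.Severity : "UNKNOWN";
      counts[sev] += 1;
    }
  }
  return counts;
}

// Assumed semantics: block when findings at or above rule.severity
// number at least rule.count. The page does not spell out the comparison.
function evaluate(report, rule) {
  const floor = ORDER.indexOf(rule.severity);
  if (floor < 0) throw new Error(`unknown severity: ${rule.severity}`);
  const counts = countBySeverity(report);
  const hits = ORDER.slice(floor).reduce((n, s) => n + counts[s], 0);
  return { counts, hits, blocked: hits >= rule.count };
}

console.log(evaluate(SAMPLE_REPORT, { severity: "HIGH", count: 2 }));
console.log(evaluate(SAMPLE_REPORT, { severity: "CRITICAL", count: 2 }));
```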

Step 4: Configure image replication rules

After you configure image replication rules, updated images are automatically replicated between Container Registry Enterprise Edition instances based on the rules.

  1. In the delivery chain navigation area, click Trigger Synchronization, and then click Create Rule.

  2. In the Create Rule dialog box, enter a rule name, configure the destination instance, and then click Next.

    • Select a region and select an existing instance as the destination instance.

    • If a destination instance does not exist, click Create Instance. For more information, see Create an Enterprise Edition instance.

    Note

    If Internet access is disabled, images can be automatically replicated in different regions.

  3. In the Replication Information wizard, configure the source instance details and click Create Rule.

    • Replication Level: Select the replication level. Valid values: Namespaces and Repository.

    • Source Address: Select a namespace and repository name. Enter a regular expression to filter image tags. By default, all tags are replicated. You must select a specific source repository only if you set Replication Level to Repository.

Step 5: Configure distribution triggers

You can configure distribution triggers to automatically distribute images. This way, applications can be automatically redeployed.

  1. In the delivery chain navigation area, click Trigger, and then click Create.

  2. In the Create Trigger dialog box, configure the parameters and click Confirm.

    • Name: The name of the trigger.

    • Trigger URL: The URL to which the trigger sends notifications. You can obtain the URL from the configurations of your Container Service for Kubernetes (ACK) cluster. For detailed steps, see Use container image triggers to automatically update applications.

    • Trigger: The trigger method. Valid values:

      • All: Each time an image is updated, image distribution is triggered.

      • By RegExp: A regular expression is used to filter image tags. Image distribution is triggered only if an image tag matches the regular expression.

      • By Tags: Tags are used to filter images. Image distribution is triggered only if an image tag is in the specified tag list.

  3. In the lower-left corner of the Create Delivery Chain page, click Create.

Result

On the Chain page, you can view the created delivery chain.

After source code is submitted to the code repository or an image is pulled, you can log on to the Container Registry Enterprise Edition instance and go to the Record page. On this page, you can view the status and result of each step in the delivery chain. Then, you can check whether the images are updated in your ACK cluster.